X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fwall_attach.php;h=15e3d3f75e2384f8a8030e31d88c58f2280fb3f2;hb=e36f2bb1fb3439e9993c7568e57140c4f954b772;hp=03d9f51055aa43f9920aa4dcbb7f602bfa4d0483;hpb=2b8c4df544f59d611ad1e8fc0dbc5fcd38bee8f7;p=friendica.git

diff --git a/mod/wall_attach.php b/mod/wall_attach.php
index 03d9f51055..472a807324 100644
--- a/mod/wall_attach.php
+++ b/mod/wall_attach.php
@@ -1,21 +1,38 @@
 <?php
+/**
+ * @file mod/wall_attach.php
+ */
+use Friendica\App;
+use Friendica\Core\Config;
+use Friendica\Database\DBM;
+use Friendica\Util\Mimetype;
 
-require_once('include/attach.php');
-require_once('include/datetime.php');
+require_once 'include/datetime.php';
 
-function wall_attach_post(&$a) {
+function wall_attach_post(App $a) {
+
+	$r_json = (x($_GET,'response') && $_GET['response']=='json');
 
 	if($a->argc > 1) {
 		$nick = $a->argv[1];
 		$r = q("SELECT `user`.*, `contact`.`id` FROM `user` LEFT JOIN `contact` on `user`.`uid` = `contact`.`uid`  WHERE `user`.`nickname` = '%s' AND `user`.`blocked` = 0 and `contact`.`self` = 1 LIMIT 1",
 			dbesc($nick)
 		);
-		if(! count($r))
+		if (! DBM::is_result($r)) {
+			if ($r_json) {
+				echo json_encode(['error'=>t('Invalid request.')]);
+				killme();
+			}
 			return;
-
 	}
-	else
+
+	} else {
+		if ($r_json) {
+			echo json_encode(['error'=>t('Invalid request.')]);
+			killme();
+		}
 		return;
+	}
 
 	$can_post  = false;
 	$visitor   = 0;
@@ -29,61 +46,98 @@ function wall_attach_post(&$a) {
 		$can_post = true;
 	else {
 		if($community_page && remote_user()) {
-			$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
-				intval(remote_user()),
-				intval($page_owner_uid)
-			);
-			if(count($r)) {
-				$can_post = true;
-				$visitor = remote_user();
+			$contact_id = 0;
+			if(is_array($_SESSION['remote'])) {
+				foreach($_SESSION['remote'] as $v) {
+					if($v['uid'] == $page_owner_uid) {
+						$contact_id = $v['cid'];
+						break;
+					}
+				}
+			}
+			if($contact_id) {
+
+				$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
+					intval($contact_id),
+					intval($page_owner_uid)
+				);
+				if (DBM::is_result($r)) {
+					$can_post = true;
+					$visitor = $contact_id;
+				}
 			}
 		}
 	}
-
 	if(! $can_post) {
+		if ($r_json) {
+			echo json_encode(['error'=>t('Permission denied.')]);
+			killme();
+		}
 		notice( t('Permission denied.') . EOL );
 		killme();
 	}
 
-	if(! x($_FILES,'userfile'))
+	if(! x($_FILES,'userfile')) {
+		if ($r_json) {
+			echo json_encode(['error'=>t('Invalid request.')]);
+		}
 		killme();
+	}
 
 	$src      = $_FILES['userfile']['tmp_name'];
 	$filename = basename($_FILES['userfile']['name']);
 	$filesize = intval($_FILES['userfile']['size']);
 
-	$maxfilesize = get_config('system','maxfilesize');
+	$maxfilesize = Config::get('system','maxfilesize');
+
+	/* Found html code written in text field of form,
+	 * when trying to upload a file with filesize
+	 * greater than upload_max_filesize. Cause is unknown.
+	 * Then Filesize gets <= 0.
+	 */
+
+	if($filesize <=0) {
+		$msg = t('Sorry, maybe your upload is bigger than the PHP configuration allows') . EOL .(t('Or - did you try to upload an empty file?'));
+		if ($r_json) {
+			echo json_encode(['error'=>$msg]);
+		} else {
+			notice( $msg. EOL );
+		}
+		@unlink($src);
+		killme();
+	}
 
 	if(($maxfilesize) && ($filesize > $maxfilesize)) {
-		notice( sprintf(t('File exceeds size limit of %d'), $maxfilesize) . EOL);
+		$msg = sprintf(t('File exceeds size limit of %s'), formatBytes($maxfilesize));
+		if ($r_json) {
+			echo json_encode(['error'=>$msg]);
+		} else {
+			echo  $msg. EOL ;
+		}
 		@unlink($src);
-		return;
+		killme();
 	}
 
 	$filedata = @file_get_contents($src);
-	$mimetype = z_mime_content_type($filename);
-	$hash = random_string();
+	$mimetype = Mimetype::getContentType($filename);
+	$hash = get_guid(64);
 	$created = datetime_convert();
-	$r = q("INSERT INTO `attach` ( `uid`, `hash`, `filename`, `filetype`, `filesize`, `data`, `created`, `edited`, `allow_cid`, `allow_gid`,`deny_cid`, `deny_gid` )
-		VALUES ( %d, '%s', '%s', '%s', %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s' ) ",
-		intval($page_owner_uid),
-		dbesc($hash),
-		dbesc($filename),
-		dbesc($mimetype),
-		intval($filesize),
-		dbesc($filedata),
-		dbesc($created),
-		dbesc($created),
-		dbesc('<' . $page_owner_cid . '>'),
-		dbesc(''),
-		dbesc(''),
-		dbesc('')
-	);		
+
+	$fields = ['uid' => $page_owner_uid, 'hash' => $hash, 'filename' => $filename, 'filetype' => $mimetype,
+		'filesize' => $filesize, 'data' => $filedata, 'created' => $created, 'edited' => $created,
+		'allow_cid' => '<' . $page_owner_cid . '>', 'allow_gid' => '','deny_cid' => '', 'deny_gid' => ''];
+
+	$r = dba::insert('attach', $fields);
 
 	@unlink($src);
 
 	if(! $r) {
-		echo ( t('File upload failed.') . EOL);
+		$msg =  t('File upload failed.');
+		if ($r_json) {
+			echo json_encode(['error'=>$msg]);
+		} else {
+			echo  $msg. EOL ;
+		}
 		killme();
 	}
 
@@ -93,18 +147,25 @@ function wall_attach_post(&$a) {
 		dbesc($hash)
 	);
 
-	if(! count($r)) {
-		echo ( t('File upload failed.') . EOL);
+	if (! DBM::is_result($r)) {
+		$msg = t('File upload failed.');
+		if ($r_json) {
+			echo json_encode(['error'=>$msg]);
+		} else {
+			echo  $msg. EOL ;
+		}
 		killme();
 	}
 
-	$lf = '<br />';
+	if ($r_json) {
+		echo json_encode(['ok'=>true]);
+		killme();
+	}
 
-	if(local_user() && intval(get_pconfig(local_user(),'system','plaintext')))
-		$lf = "\n";
+	$lf = "\n";
 
 	echo  $lf . $lf . '[attachment]' . $r[0]['id'] . '[/attachment]' . $lf;
-	
+
 	killme();
 	// NOTREACHED
 }